Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners that provided recommendations in this alert include:

The Canadian Centre for Cyber Security (CCCS).
United Kingdom’s National Cyber Security Centre (NCSC-UK).
New Zealand’s National Cyber Security Centre (NCSC-NZ).
Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Centre (NCSC).

Cyber threats to user privacy and data are growing, requiring customers to evaluate their processes for acquiring products and services from technology manufacturers. Proactive integration of security mitigations into the procurement process can assist in managing risks present within the technology supply chain and reduce costs for organizations. This guidance aids procuring organizations and manufacturers of digital products and services in choosing and developing technology that is secure by design. This is an update to previously released guidance (Secure by Design Choosing Secure and Verifiable Technologies).

CISA and partners encourage all organizations to read the guidance to assist with making secure and informed choices when procuring digital products and services. Software manufacturers are also encouraged to incorporate the secure by design principles and practices found in the guidance. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage.